package org.apache.geode.distributed.internal.membership.gms.messenger;

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.geode.distributed.internal.DistributionConfig;
import org.apache.geode.distributed.internal.membership.InternalDistributedMember;
import org.apache.geode.distributed.internal.membership.NetView;
import org.apache.geode.distributed.internal.membership.gms.Services;

/* loaded from: input_file:org/apache/geode/distributed/internal/membership/gms/messenger/GMSEncrypt.class */
public class GMSEncrypt implements Cloneable {
    public static long encodingsPerformed;
    public static long decodingsPerformed;
    private static final int dhL = 1023;
    private Services services;
    private InternalDistributedMember localMember;
    private NetView view;
    private ConcurrentHashMap<InternalDistributedMember, PeerEncryptor>[] copyOfPeerEncryptors;
    private ClusterEncryptor[] copyOfClusterEncryptors;
    private ClusterEncryptor clusterEncryptor;
    private static final BigInteger dhP = new BigInteger("135287020639910739997189928970717021771311421882765429190887700940242697307989907008041927806610978529253822307916592536509818186767394634756714063947534092593553024224277712367371302394452615862654308111809029797196494501056604787763641987260783383085570220968104473500348898008043285865193451061481841186553");
    private static final BigInteger dhG = new BigInteger("130583456807197150961665134075139695376245536366239321690167044250081505657615277976871655435431431908701485776974110415733273525810283593126577393912282416840649805564834470583437473176415335737232689814802018696718110109967325936556664646275595822588612548788965341273697569202082715873518528062345259949959");
    public static final int numberOfPeerEncryptorCopies = Integer.getInteger("GMSEncrypt.MAX_ENCRYPTORS", Math.max(Runtime.getRuntime().availableProcessors() * 4, 16)).intValue();
    private PrivateKey dhPrivateKey = null;
    private PublicKey dhPublicKey = null;
    private String dhSKAlgo = null;
    private Map<InternalDistributedMember.InternalDistributedMemberWrapper, byte[]> memberToPeerEncryptor = new ConcurrentHashMap();

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/geode/distributed/internal/membership/gms/messenger/GMSEncrypt$ClusterEncryptor.class */
    public class ClusterEncryptor {
        byte[] secretBytes;
        Cipher encrypt;
        Cipher decrypt;

        public ClusterEncryptor(GMSEncrypt gMSEncrypt) throws Exception {
            GMSEncrypt gMSEncrypt2 = new GMSEncrypt(gMSEncrypt.services);
            this.secretBytes = GMSEncrypt.generateSecret(gMSEncrypt2.dhSKAlgo, gMSEncrypt2.dhPrivateKey, gMSEncrypt.dhPublicKey);
        }

        public ClusterEncryptor(byte[] bArr) {
            this.secretBytes = bArr;
        }

        public synchronized byte[] encryptBytes(byte[] bArr) throws Exception {
            return GMSEncrypt.encryptBytes(bArr, getEncryptCipher(GMSEncrypt.this.dhSKAlgo));
        }

        private Cipher getEncryptCipher(String str) throws Exception {
            try {
                if (this.encrypt == null) {
                    synchronized (this) {
                        if (this.encrypt == null) {
                            this.encrypt = GMSEncrypt.getEncryptCipher(str, this.secretBytes);
                        }
                    }
                }
                return this.encrypt;
            } catch (Exception e) {
                throw e;
            }
        }

        public synchronized byte[] decryptBytes(byte[] bArr) throws Exception {
            return GMSEncrypt.decryptBytes(bArr, getDecryptCipher(GMSEncrypt.this.dhSKAlgo));
        }

        private Cipher getDecryptCipher(String str) throws Exception {
            if (this.decrypt == null) {
                synchronized (this) {
                    if (this.decrypt == null) {
                        this.decrypt = GMSEncrypt.getDecryptCipher(str, this.secretBytes);
                    }
                }
            }
            return this.decrypt;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/apache/geode/distributed/internal/membership/gms/messenger/GMSEncrypt$PeerEncryptor.class */
    public class PeerEncryptor {
        private PublicKey peerPublicKey;
        private Cipher encrypt;
        private String peerSKAlgo = null;
        private Cipher decrypt = null;

        protected PeerEncryptor(byte[] bArr) throws Exception {
            this.peerPublicKey = null;
            this.peerPublicKey = GMSEncrypt.getPublicKey(bArr);
        }

        public synchronized byte[] encryptBytes(byte[] bArr) throws Exception {
            return GMSEncrypt.encryptBytes(bArr, getEncryptCipher(this.peerSKAlgo != null ? this.peerSKAlgo : GMSEncrypt.this.dhSKAlgo));
        }

        private Cipher getEncryptCipher(String str) throws Exception {
            try {
                if (this.encrypt == null) {
                    this.encrypt = GMSEncrypt.getEncryptCipher(str, GMSEncrypt.this.dhPrivateKey, this.peerPublicKey);
                }
                return this.encrypt;
            } catch (Exception e) {
                throw e;
            }
        }

        public synchronized byte[] decryptBytes(byte[] bArr) throws Exception {
            return GMSEncrypt.decryptBytes(bArr, getDecryptCipher(this.peerSKAlgo != null ? this.peerSKAlgo : GMSEncrypt.this.dhSKAlgo, this.peerPublicKey));
        }

        private Cipher getDecryptCipher(String str, PublicKey publicKey) throws Exception {
            if (this.decrypt == null) {
                this.decrypt = GMSEncrypt.getDecryptCipher(str, GMSEncrypt.this.dhPrivateKey, this.peerPublicKey);
            }
            return this.decrypt;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void installView(NetView netView) {
        this.view = netView;
        this.view.setPublicKey(this.services.getJoinLeave().getMemberID(), getPublicKeyBytes());
    }

    protected void installView(NetView netView, InternalDistributedMember internalDistributedMember) {
        this.view = netView;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getClusterSecretKey() {
        return this.clusterEncryptor.secretBytes;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void initClusterSecretKey() throws Exception {
        if (this.clusterEncryptor == null) {
            this.clusterEncryptor = new ClusterEncryptor(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public synchronized void addClusterKey(byte[] bArr) {
        this.clusterEncryptor = new ClusterEncryptor(bArr);
    }

    protected GMSEncrypt() {
        initEncryptors();
    }

    private byte[] getRegisteredPublicKey(InternalDistributedMember internalDistributedMember) {
        return this.services.getPublicKey(internalDistributedMember);
    }

    public GMSEncrypt(Services services) throws Exception {
        this.services = services;
        initEncryptors();
        initDHKeys(services.getConfig().getDistributionConfig());
    }

    public GMSEncrypt(Services services, InternalDistributedMember internalDistributedMember) throws Exception {
        this.services = services;
        this.localMember = internalDistributedMember;
        initEncryptors();
        initDHKeys(services.getConfig().getDistributionConfig());
    }

    void initEncryptors() {
        this.copyOfPeerEncryptors = new ConcurrentHashMap[numberOfPeerEncryptorCopies];
        this.copyOfClusterEncryptors = new ClusterEncryptor[numberOfPeerEncryptorCopies];
    }

    public byte[] decryptData(byte[] bArr, InternalDistributedMember internalDistributedMember) throws Exception {
        return getPeerEncryptor(internalDistributedMember).decryptBytes(bArr);
    }

    public byte[] encryptData(byte[] bArr, InternalDistributedMember internalDistributedMember) throws Exception {
        return getPeerEncryptor(internalDistributedMember).encryptBytes(bArr);
    }

    public byte[] decryptData(byte[] bArr) throws Exception {
        return getClusterEncryptor().decryptBytes(bArr);
    }

    public byte[] decryptData(byte[] bArr, byte[] bArr2) throws Exception {
        return new PeerEncryptor(bArr2).decryptBytes(bArr);
    }

    public byte[] encryptData(byte[] bArr) throws Exception {
        return getClusterEncryptor().encryptBytes(bArr);
    }

    protected byte[] getPublicKeyBytes() {
        return this.dhPublicKey.getEncoded();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public byte[] getPublicKey(InternalDistributedMember internalDistributedMember) {
        try {
            InternalDistributedMember memberID = this.services.getMessenger().getMemberID();
            return (memberID == null || !memberID.equals(internalDistributedMember)) ? getPeerEncryptor(internalDistributedMember).peerPublicKey.getEncoded() : this.dhPublicKey.getEncoded();
        } catch (Exception e) {
            throw new RuntimeException("Not found public key for member " + internalDistributedMember, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setPublicKey(byte[] bArr, InternalDistributedMember internalDistributedMember) {
        try {
            this.memberToPeerEncryptor.put(new InternalDistributedMember.InternalDistributedMemberWrapper(internalDistributedMember), bArr);
            synchronized (this.copyOfPeerEncryptors) {
                for (ConcurrentHashMap<InternalDistributedMember, PeerEncryptor> concurrentHashMap : this.copyOfPeerEncryptors) {
                    if (concurrentHashMap != null) {
                        concurrentHashMap.remove(internalDistributedMember);
                    }
                }
            }
        } catch (Exception e) {
            throw new RuntimeException("Unable to create peer encryptor " + internalDistributedMember, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: clone, reason: merged with bridge method [inline-methods] */
    public GMSEncrypt m255clone() throws CloneNotSupportedException {
        try {
            GMSEncrypt gMSEncrypt = new GMSEncrypt();
            gMSEncrypt.localMember = this.localMember;
            gMSEncrypt.dhSKAlgo = this.dhSKAlgo;
            gMSEncrypt.services = this.services;
            gMSEncrypt.dhPublicKey = KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(this.dhPublicKey.getEncoded()));
            System.out.println("private key format " + this.dhPrivateKey.getFormat());
            System.out.println("public ksy format " + this.dhPublicKey.getFormat());
            gMSEncrypt.dhPrivateKey = KeyFactory.getInstance("DH").generatePrivate(new PKCS8EncodedKeySpec(this.dhPrivateKey.getEncoded()));
            return gMSEncrypt;
        } catch (Exception e) {
            throw new RuntimeException("Unable to clone", e);
        }
    }

    private void initDHKeys(DistributionConfig distributionConfig) throws Exception {
        this.dhSKAlgo = distributionConfig.getSecurityUDPDHAlgo();
        if (this.dhSKAlgo == null || this.dhSKAlgo.length() <= 0) {
            return;
        }
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DH");
        keyPairGenerator.initialize(new DHParameterSpec(dhP, dhG, 1023));
        KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
        this.dhPrivateKey = generateKeyPair.getPrivate();
        this.dhPublicKey = generateKeyPair.getPublic();
    }

    protected PeerEncryptor getPeerEncryptor(InternalDistributedMember internalDistributedMember) throws Exception {
        Map<InternalDistributedMember, PeerEncryptor> peerEncryptorMap = getPeerEncryptorMap();
        PeerEncryptor peerEncryptor = peerEncryptorMap.get(internalDistributedMember);
        if (peerEncryptor == null) {
            synchronized (this) {
                peerEncryptor = peerEncryptorMap.get(internalDistributedMember);
                if (peerEncryptor == null) {
                    byte[] bArr = this.memberToPeerEncryptor.get(new InternalDistributedMember.InternalDistributedMemberWrapper(internalDistributedMember));
                    if (bArr == null) {
                        bArr = getRegisteredPublicKey(internalDistributedMember);
                    }
                    peerEncryptor = createPeerEncryptor(internalDistributedMember, bArr != null ? bArr : (byte[]) this.view.getPublicKey(internalDistributedMember));
                    peerEncryptorMap.put(internalDistributedMember, peerEncryptor);
                }
            }
        }
        return peerEncryptor;
    }

    private Map<InternalDistributedMember, PeerEncryptor> getPeerEncryptorMap() {
        int abs = Math.abs(Thread.currentThread().getName().hashCode() % numberOfPeerEncryptorCopies);
        ConcurrentHashMap<InternalDistributedMember, PeerEncryptor> concurrentHashMap = this.copyOfPeerEncryptors[abs];
        if (concurrentHashMap == null) {
            synchronized (this.copyOfPeerEncryptors) {
                concurrentHashMap = this.copyOfPeerEncryptors[abs];
                if (concurrentHashMap == null) {
                    concurrentHashMap = new ConcurrentHashMap<>();
                    this.copyOfPeerEncryptors[abs] = concurrentHashMap;
                }
            }
        }
        return concurrentHashMap;
    }

    private ClusterEncryptor getClusterEncryptor() {
        int abs = Math.abs(Thread.currentThread().getName().hashCode() % numberOfPeerEncryptorCopies);
        ClusterEncryptor clusterEncryptor = this.copyOfClusterEncryptors[abs];
        if (clusterEncryptor == null) {
            synchronized (this.copyOfClusterEncryptors) {
                clusterEncryptor = this.copyOfClusterEncryptors[abs];
                if (clusterEncryptor == null) {
                    clusterEncryptor = new ClusterEncryptor(getClusterSecretKey());
                    this.copyOfClusterEncryptors[abs] = clusterEncryptor;
                }
            }
        }
        return clusterEncryptor;
    }

    private PeerEncryptor createPeerEncryptor(InternalDistributedMember internalDistributedMember, byte[] bArr) throws Exception {
        return new PeerEncryptor(bArr);
    }

    private static int getKeySize(String str) {
        String str2;
        int indexOf = str.indexOf(58);
        int i = 0;
        if (indexOf >= 0) {
            str2 = str.substring(0, indexOf);
            i = Integer.parseInt(str.substring(indexOf + 1));
        } else {
            str2 = str;
        }
        int i2 = -1;
        if (str2.equalsIgnoreCase("DESede")) {
            i2 = 24;
        } else if (str2.equalsIgnoreCase("Blowfish")) {
            i2 = i > 128 ? i / 8 : 16;
        } else if (str2.equalsIgnoreCase("AES")) {
            i2 = (i == 192 || i == 256) ? i / 8 : 16;
        }
        return i2;
    }

    private static String getDhAlgoStr(String str) {
        int indexOf = str.indexOf(58);
        return indexOf >= 0 ? str.substring(0, indexOf) : str;
    }

    private static int getBlockSize(String str) {
        int i = -1;
        String dhAlgoStr = getDhAlgoStr(str);
        if (dhAlgoStr.equalsIgnoreCase("DESede")) {
            i = 8;
        } else if (dhAlgoStr.equalsIgnoreCase("Blowfish")) {
            i = 8;
        } else if (dhAlgoStr.equalsIgnoreCase("AES")) {
            i = 16;
        }
        return i;
    }

    public static byte[] encryptBytes(byte[] bArr, Cipher cipher) throws Exception {
        return cipher.doFinal(bArr);
    }

    public static byte[] decryptBytes(byte[] bArr, Cipher cipher) throws Exception {
        try {
            return cipher.doFinal(bArr);
        } catch (Exception e) {
            throw e;
        }
    }

    protected static synchronized Cipher getEncryptCipher(String str, PrivateKey privateKey, PublicKey publicKey) throws Exception {
        Cipher cipher;
        KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        int keySize = getKeySize(str);
        int blockSize = getBlockSize(str);
        if (keySize == -1 || blockSize == -1) {
            SecretKey generateSecret = keyAgreement.generateSecret(str);
            cipher = Cipher.getInstance(str);
            cipher.init(1, generateSecret);
        } else {
            String dhAlgoStr = getDhAlgoStr(str);
            byte[] generateSecret2 = keyAgreement.generateSecret();
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret2, 0, keySize, dhAlgoStr);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(generateSecret2, keySize, blockSize);
            cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec, ivParameterSpec);
        }
        return cipher;
    }

    protected static Cipher getEncryptCipher(String str, byte[] bArr) throws Exception {
        Cipher cipher;
        int keySize = getKeySize(str);
        int blockSize = getBlockSize(str);
        if (keySize == -1 || blockSize == -1) {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, str);
            cipher = Cipher.getInstance(str);
            cipher.init(1, secretKeySpec);
        } else {
            String dhAlgoStr = getDhAlgoStr(str);
            SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr, 0, keySize, dhAlgoStr);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr, keySize, blockSize);
            cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
            cipher.init(1, secretKeySpec2, ivParameterSpec);
        }
        return cipher;
    }

    protected static synchronized Cipher getDecryptCipher(String str, PrivateKey privateKey, PublicKey publicKey) throws Exception {
        Cipher cipher;
        KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        int keySize = getKeySize(str);
        int blockSize = getBlockSize(str);
        if (keySize == -1 || blockSize == -1) {
            SecretKey generateSecret = keyAgreement.generateSecret(str);
            cipher = Cipher.getInstance(str);
            cipher.init(2, generateSecret);
        } else {
            String dhAlgoStr = getDhAlgoStr(str);
            byte[] generateSecret2 = keyAgreement.generateSecret();
            SecretKeySpec secretKeySpec = new SecretKeySpec(generateSecret2, 0, keySize, dhAlgoStr);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(generateSecret2, keySize, blockSize);
            cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, ivParameterSpec);
        }
        return cipher;
    }

    protected static Cipher getDecryptCipher(String str, byte[] bArr) throws Exception {
        Cipher cipher;
        int keySize = getKeySize(str);
        int blockSize = getBlockSize(str);
        if (keySize == -1 || blockSize == -1) {
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, str);
            cipher = Cipher.getInstance(str);
            cipher.init(2, secretKeySpec);
        } else {
            String dhAlgoStr = getDhAlgoStr(str);
            SecretKeySpec secretKeySpec2 = new SecretKeySpec(bArr, 0, keySize, dhAlgoStr);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr, keySize, blockSize);
            cipher = Cipher.getInstance(dhAlgoStr + "/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec2, ivParameterSpec);
        }
        return cipher;
    }

    protected static byte[] generateSecret(String str, PrivateKey privateKey, PublicKey publicKey) throws Exception {
        KeyAgreement keyAgreement = KeyAgreement.getInstance("DH");
        keyAgreement.init(privateKey);
        keyAgreement.doPhase(publicKey, true);
        return (getKeySize(str) == -1 || getBlockSize(str) == -1) ? keyAgreement.generateSecret(str).getEncoded() : keyAgreement.generateSecret();
    }

    protected static PublicKey getPublicKey(byte[] bArr) throws Exception {
        return KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(bArr));
    }

    protected static void initEncryptCipher(KeyAgreement keyAgreement, List<PublicKey> list) throws Exception {
        Iterator<PublicKey> it = list.iterator();
        while (it.hasNext()) {
            keyAgreement.doPhase(it.next(), !it.hasNext());
        }
    }
}
